Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-29400

Опубликовано: 11 мая 2023
Источник: debian
EPSS Низкий

Описание

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.20fixed1.20.4-1package
golang-1.19fixed1.19.9-1experimentalpackage
golang-1.19fixed1.19.10-2package
golang-1.19no-dsabookwormpackage
golang-1.19no-dsabullseyepackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

  • https://github.com/golang/go/issues/59722

  • https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)

  • https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)

EPSS

Процентиль: 15%
0.00048
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-29400

CVSS3: 7.3
ubuntu
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

redhat логотип

CVE-2023-29400

CVSS3: 7.3
redhat
почти 3 года назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

nvd логотип

CVE-2023-29400

CVSS3: 7.3
nvd
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

msrc логотип

CVE-2023-29400

CVSS3: 7.3
msrc
5 месяцев назад

Improper handling of empty HTML attributes in html/template

github логотип

GHSA-c9hr-fvm9-7c49

CVSS3: 7.3
github
больше 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

EPSS

Процентиль: 15%
0.00048
Низкий